问题描述
我有一个使用组织身份验证(Azure AD)的MVC5,EF6应用程序,除一件事外,其他所有功能都工作正常. WebAPI控制器需要处理未经身份验证的客户端的请求.客户端通常是发出AJAX请求的Android设备.
I have an MVC5, EF6 app which uses organizational authentication (Azure AD) and all is working fine except for one thing. There is a requirement for a WebAPI controller to process requests from unauthenticated clients. The clients are normally Android devices issuing AJAX requests.
在向MVC应用程序添加组织身份验证之前,WebAPI控制器已被调用并正常运行,因此我知道路由正确.现在,我添加了组织身份验证,不再调用我的WebAPI控制器,并且客户端的AJAX请求超时.
Before I added organizational authentication to my MVC app, my WebAPI controller was being called and functioned correctly so I know my routing is correct. Now I've added organizational authentication, my WebAPI controller is no longer called and the client's AJAX request times out.
我了解到有诸如[Authorize]之类的属性来指定对控制器/方法的访问,但是当使用组织身份验证时,似乎没有调用[Authorize]属性的WebAPI控制器.
I understand there are attributes such as [Authorize] to specify access to controllers/methods but when using organizational authentication, it appears that WebAPI controllers without the [Authorize] attribute do not get called.
我的问题是,我可以标记我的WebAPI控制器以允许未经身份验证的客户端发出请求吗?
My question is, can I mark my WebAPI controller to allow requests from unauthenticated clients, if so how can I do it?
非常感谢.
推荐答案
答案是通过在Web.config根文件中输入以下xml,以允许匿名连接到特定控制器.
The answer is to allow anonymous connections to a specific controller by entering the xml below into the root Web.config file.
如果您的控制器名为"PersonController",那么您应该在path属性中输入的名称是"person"而不是"personcontroller".
If your controller is called "PersonController", then the name you should enter into the path attribute is "person" NOT "personcontroller".
在我的情况下,因为我想允许对WebAPI控制器的匿名请求,所以我需要在path属性中以"api/"作为我的控制器名称的前缀.
In my case, because I want to allow anonymous requests to a WebAPI controller, I need to prefix my controller name in the path attribute with "api/".
希望这可以帮助可能遇到相同问题的其他人.
Hope this helps others who may run into the same issue.
<location path="api/my-controller-name">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
这篇关于我可以绕过MVC应用程序中的WebAPI控制器的组织身份验证吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!